[cryptography] [liberationtech] Random number generator failure in Rasperri Pis?

David Johnston dj at deadhat.com
Fri Jul 19 21:27:40 EDT 2013


On 7/19/2013 10:13 AM, Mahrud S wrote:
> Isn't the thermal noise a good enough entropy source? I mean, it's a 
> $25 computer, you can't expect much of it.
>
>
Directly sampled thermal noise entropy sources have proven:
1) Difficult to model mathematically to determine safe value for min 
entropy.
2) Difficult to determine will work constantly across all environmental 
conditions and the lifetime of the device
3) Difficult to self test in circuit

Three independent sources is a lot more convenient because you can then 
use a 3 input extractor such as the BIW 3 input extractor which is 
beautifully simple in HW and permits constant time implementations in 
SW. However it does require that you know the min entropy in order to 
know the min entropy of the resulting number. It's good for toy noise 
sources because you can assume a really low min-entropy, iterate a few 
times and have a good result.

It's the difference between 'It looks random to me' and 'I know and 
understand the basis on which I believe this to be random'.

Binary process noise samplers are much easier to model, test and build, 
which is why we went that way for Intel chips. The RNG only takes a tiny 
sliver of silicon. You might as well get it right.

David



More information about the cryptography mailing list